At RSA Conference 2017, the Cyber Threat Alliance announced the next phase in its evolution.

  • Cyber Threat Alliance formally incorporates.
  • Founding members, including McAfee, invest in Cyber Threat Alliance.
  • New automated threat intelligence sharing platform.
Read Blog

Threat Intelligence Sharing

Improve protection against cyberattacks through shared threat intelligence

Threat intelligence is curated information about an existing or emerging cyberthreat that can be distributed for the purpose of improving defenses against a specific attack. Going beyond IP addresses, hashes, and other core threat identifiers, threat intelligence provides critical context around a threat activity, including indicators of compromise (IoC), indicators of attack (IoA), the tactics employed, and, potentially, the motivation and identity of the adversary. Through leadership within the threat intelligence sharing community and by developing technologies that more easily share and use threat intelligence, we help customers better identify and stop attacks.

Our Threat Intelligence Sharing Technologies and Alliances


Enables security devices to share intelligence and orchestrate security operations in real time.

McAfee Threat Intelligence Exchange

Combines multiple threat information sources and instantly shares this data out to all connected security products.

McAfee Global Threat Intelligence

Collects threat activity from millions of sensors worldwide and an extensive research team, and makes it instantly available to all connected security products.

Solution Brief: Operationalizing Threat Intelligence

Learn how to integrate threat intelligence with McAfee solutions.

Cyber Threat Alliance

Cyber Threat Alliance

An alliance of leading cybersecurity solution providers—including McAfee—have come together to share threat intelligence on advanced attacks, their motivations, and the tactics of the malicious actors behind them.

Threat Intelligence Sharing Standards and Government Initiatives



TAXII,™ the Trusted Automated eXchange of Indicator Information
A set of services and message exchanges, enabling automated and secure sharing of cyberthreat information.


STIX,™ the Structured Threat Information eXpression
A structured exchange format used to convey specific cyberthreat information.


CybOX,™ the Cyber Observable eXpression
A language for encoding “cyber observables,” providing a standardized representation of facts in the cyber domain.

Government Initiatives


U.S. Cybersecurity Information Sharing Act of 2015 (S.754)
A U.S. federal government law that allows for the sharing of threat intelligence information.


U.S. Executive Order 13691—Commission on Enhancing National Cybersecurity
A U.S. presidential executive order forming a commission chartered to make recommendations to strengthen cybersecurity.


Information Sharing and Analysis Organization (ISAO) Standards Organization
Chartered to identify a common set of voluntary standards or guidelines for the creation and functioning of ISAOs, leading to more consistent sharing alliances.


US-CERT—Automated Indicator Sharing (AIS) Tool
Enables the exchange of cyberthreat indicators between the U.S. federal government and the private sector at machine speed.


McAfee Blogs



Lawfare Blogs

View All Blogs on Threat Intelligence Sharing
icon-twitterFollow McAfee Labs on Twitter